Need access to different subnets

djcharles
Level 1

We have a network in another state with subnets 192.168.50.0, 192.168.51.0 and 192.168.52.0.

I am trying to allow them to talk to the network we set up with the ASA device.

I am unable to get the 10.10.11.0 subnet to talk to the 192.168.50.0, 192.168.51.0 and 192.168.52.0 subnets.

I added one other interface to the ASA device and plugged it in, but we are receiving no packets on Ethernet 0/2.

Please let me know how we can get it to work properly.

Below is the config file:

hostname xxxx
enable password xxxxxxxxxxx encrypted
names
dns-guard
!
interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 192.168.1.xx 255.255.255.0
!
interface Ethernet0/1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 10.10.11.xx 255.255.255.0
!
interface Ethernet0/2
 speed 100
 duplex full
 nameif PA
 security-level 100
 ip address 192.168.50.xxx 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
passwd 5wyJZrN0zZZDiHA6 encrypted
ftp mode passive
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu PA 1500
no failover
no asdm history enable
arp timeout 14400
static (inside,outside) 10.10.11.0 10.10.11.0 netmask 255.255.255.255
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 outside
ssh timeout 60
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:4cd1c11a4e23d4d92ee4ba115255a97a

4 Replies

acomiskey
Level 10

Since the interfaces are the same security level (100), you need

same-security-traffic permit inter-interface

Please rate if this helps.
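
A way to check a saved ASA configuration for the condition described in the reply above, as an added example that is not part of the original thread: it lists pairs of active interfaces that share a security level when `same-security-traffic permit inter-interface` is absent. The function names and the trimmed sample config are assumptions made for illustration.

```python
from itertools import combinations
# Constructed sample: interface stanzas trimmed from the config posted above.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
 security-level 100
!
interface Ethernet0/2
 nameif PA
 security-level 100
!
interface Ethernet0/3
 shutdown
 no nameif
"""
PERMIT = "same-security-traffic permit inter-interface"

def parse_interfaces(config):
    """Return {nameif: security-level} for named interfaces that are not shut down."""
    levels, cur = {}, None
    def flush(c):
        if c and "name" in c and "level" in c and not c.get("shutdown"):
            levels[c["name"]] = c["level"]
    for words in (line.split() for line in config.splitlines()):
        if words[:1] in (["interface"], ["!"]):  # stanza boundary
            flush(cur)
            cur = {} if words[0] == "interface" else None
        elif cur is not None and words:  # blank lines do not end a stanza
            if words[0] == "nameif":
                cur["name"] = words[1]
            elif words[0] == "security-level":
                cur["level"] = int(words[1])
            elif words == ["shutdown"]:
                cur["shutdown"] = True
    flush(cur)
    return levels

def blocked_pairs(config):
    """Pairs of equal-level interfaces that cannot exchange traffic as configured."""
    if any(line.strip() == PERMIT for line in config.splitlines()):
        return []
    levels = parse_interfaces(config)
    return [(a, b) for a, b in combinations(levels, 2) if levels[a] == levels[b]]

print(blocked_pairs(SAMPLE_CONFIG))
```
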

djcharles
Level 1

Thanks. All I need to do is enter this command and the traffic will be allowed?

Since the security levels are the same there is no need for access lists.

http://cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f0fb.html#wp1289167

Thanks, I'll add that line when I get to the office.
